View online: https://www.drupal.org/sa-contrib-2022-029

Project: Opigno Learning path [1] Date: 2022-March-09 Security risk: *Moderately critical* 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All [2] Vulnerability: Access bypass

Description:  This module is used as part of the Opigno LMS distribution and implements learning paths for the LMS.

The module was providing too much user information about users such as the list of groups a uid is in.

Solution:  Install the latest version:

* If you use the opigno_learning_path module for Drupal 9.x, upgrade to 3.0.1 opigno_learning_path 3.0.1 [3]

Reported By:  * Aaron Bauman [4]

Fixed By:  * Aaron Bauman [5] * James Aparicio [6]

[1] https://www.drupal.org/project/opigno_learning_path [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/opigno_learning_path/releases/3.0.1 [4] https://www.drupal.org/user/384578 [5] https://www.drupal.org/user/384578 [6] https://www.drupal.org/user/2547544